The other component is that once they have the phone number, they can do anything with it they want, unless you leave the network. E.g. facebook once did the same, they required phone numbers "for two factor authentication". They promised to not use the numbers for anything else. A few years later they started sending SMS spam to users about what their friends did on facebook, and now facebook users can enter the number and the associated accounts show up... even though the number was supposed to be only for two factor auth. Your only choice as individual user is to leave the platform.
> Your only choice as individual user is to leave the platform.
That's not even enough anymore. You also have to make sure that every one of your contacts do not upload their address book to conveniently find friends like you who may or may not be on the network. And that they don't tag you in images, events, etc.
You're an entry in the Facebook database, whether you have or have had an active profile or not.
This is why you should block ads and trackers even if you're not a Facebook user. I have blocked all their domains in my hosts file also.
Would you mind sharing the hosts file for blocking FB and all of their domains? I've done this too in the past, but my list seems outdated for a while now.